From f2593b62aabcb0f089a7bef523f85f552229d053 Mon Sep 17 00:00:00 2001
From: Nick Peng <pymumu@gmail.com>
Date: Sun, 4 Dec 2022 13:55:24 +0800
Subject: [PATCH] dns-server: return NOTIMP when request opcode is not
 supported.

---
 src/dns_server.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/dns_server.c b/src/dns_server.c
index dc615b7..42791ee 100644
--- a/src/dns_server.c
+++ b/src/dns_server.c
@@ -1359,7 +1359,8 @@ static int _dns_cache_reply_packet(struct dns_server_post_context *context)
 		return 0;
 	}
 
-	if (context->packet->head.rcode == DNS_RC_SERVFAIL || context->packet->head.rcode == DNS_RC_NXDOMAIN || context->packet->head.rcode == DNS_RC_NOTIMP) {
+	if (context->packet->head.rcode == DNS_RC_SERVFAIL || context->packet->head.rcode == DNS_RC_NXDOMAIN ||
+		context->packet->head.rcode == DNS_RC_NOTIMP) {
 		context->reply_ttl = DNS_SERVER_FAIL_TTL;
 		/* Do not cache record if cannot connect to remote */
 		if (request->remote_server_fail == 0 && context->packet->head.rcode == DNS_RC_SERVFAIL) {
@@ -4326,6 +4327,20 @@ errout:
 	return ret;
 }
 
+static int _dns_server_check_request_supported(struct dns_request *request, struct dns_packet *packet)
+{
+	if (request->qclass != DNS_C_IN) {
+		return -1;
+	}
+
+	if (packet->head.opcode != DNS_OP_QUERY) {
+		return -1;
+	}
+
+
+	return 0;
+}
+
 static int _dns_server_parser_request(struct dns_request *request, struct dns_packet *packet)
 {
 	struct dns_rrs *rrs = NULL;
@@ -4359,7 +4374,7 @@ static int _dns_server_parser_request(struct dns_request *request, struct dns_pa
 	}
 
 	request->qclass = qclass;
-	if (qclass != DNS_C_IN) {
+	if (_dns_server_check_request_supported(request, packet) != 0) {
 		goto errout;
 	}